Unsolved


12 Posts


November 2nd, 2006 05:00

Help.. System Alert: Trojan-Spy.Win32@mx

My computer has popups: "System Alert: Trojan-Spy.Win32@mx" in the tray icon.
How can I remove it?
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 08:50:35, on 02-Nov-2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\msdtc.exe
D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
D:\WINNT\System32\tcpsvcs.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\llssrv.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\snmp.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\wins.exe
D:\WINNT\System32\MsPMSPSv.exe
D:\WINNT\System32\dns.exe
D:\WINNT\System32\inetsrv\inetinfo.exe
D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
D:\WINNT\system32\Dfssvc.exe
D:\WINNT\Explorer.exe
D:\Program Files\VideoKeyCodec\isamonitor.exe
D:\Program Files\VideoKeyCodec\pmsngr.exe
D:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
D:\Program Files\VideoKeyCodec\pmmon.exe
D:\Program Files\VideoKeyCodec\isamini.exe
D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
D:\Program Files\Ad Muncher\AdMunch.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAV.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\lotus\123\123w.exe
D:\Program Files\FlashGet\flashget.exe
C:\Downloads\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - D:\Program Files\VideoKeyCodec\isaddon.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [projselector] "D:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "D:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [CaAvTray] "D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ScanRegistry] scanregw.exe /scan
O4 - HKLM\..\Run: [Ad Muncher] D:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F29B899-CEB4-4461-B7AB-4DE6157F8433}: NameServer = 202.137.3.120,202.137.3.121
O23 - Service: CAISafe - Computer Associates International, Inc. - D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

10.4K Posts

November 2nd, 2006 14:00

wTbHp
 
Welcome to DCF
 
Please go here and download SmitFraudFix by S!ri.

  1. Save it to your Desktop -> right-click -> Extract all -> extract it to your desktop.
  2. Open the SmitfraudFix folder.
  3. Double-click smitfraudfix.cmd.
  4. Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt.
  5. Open that file, Ctrl+A to copy, and post a copy of that log as a reply to this thread.

Do not run option 2 until instructed to do so.

bamajim   Graduate of Malware Removal University


10.4K Posts

November 3rd, 2006 01:00

wTbHp
 
No, the log should have been much longer than that.
 
Did you get any warnings from your antivirus program while downloading or extracting the SmitfraudFix file?
 
bamajim   Graduate of Malware Removal University

12 Posts

November 3rd, 2006 01:00

@bamajim
Thanks.

Here is the copy of rapport.txt, but there is nothing to do, is there?

SmitFraudFix v2.118

Scan done at 9:14:05.93, Fri 03-11-2006

12 Posts

November 3rd, 2006 02:00

bamajim

Nothing, but I'll try again.

12 Posts

November 3rd, 2006 02:00

bamajim
I tried it again, but the log file still has nothing to do? What's wrong?

12 Posts

November 3rd, 2006 03:00

bamajim

I just ran it in safe mode and found it...!

Here is the log file:


SmitFraudFix v2.118

Scan done at 12:06:25.12, Fri 03-11-2006
Run from D:\Documents and Settings\Administrator\Desktop\SmitfraudFix2
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINNT\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Administrator


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\ADMINI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files

D:\Program Files\VideoKeyCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

10.4K Posts

November 3rd, 2006 13:00

wTbHp

You may want to print out these instructions for reference.

1. Go here and download AVG Anti-Spyware
(30-day free trial version). Save it to your Desktop.
 
Double-click AVG Anti-Spyware-setup
(it will create its own folder).
Once the program starts you will be at the Status menu.
  • Under "Your computers Security"
  • Click change status on Resident shield to inactive
  • Click Update now (next to last update)
  • After the update loads
  • Under Automatic updates uncheck download and install updates automatically (recommended)
    (you can always select manual updates the next day)
At the top toolbar click Scanner, then the settings tab.
  • Under How to act? set default action for detected malware to Quarantine
  • Under how to scan all boxes should be checked
  • Under Possibly unwanted software all boxes should be checked
  • Under reports select Automatically generate report after every scan
  • Uncheck Only if threats were found
  • Under what to scan, Scan every file should be highlighted
Exit AVG (but do not run it yet).

2. Reboot into Safe Mode
This can be done by:
  • Restart your PC, and after it starts, but before you see the Windows splash screen,
  • begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices).
  • Use your arrow keys and select Safe Mode and then Enter.
3. Open the SmitfraudFix folder, then double-click the smitfraudfix.cmd file to start the tool.
  • Select option #2 - Clean by typing 2 and press Enter.
  • Wait for the tool to complete and disk cleanup to finish.
  • You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.
  • The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

4. Run AVG Anti-Spyware
  • Click scanner
  • Select Complete system scan
Once the scan finishes:
  • Select Apply all actions (the items found will be quarantined)
  • Click save report as (another window will open)
  • Save it to your desktop
    (by default it will be saved in the AVG folder as
    C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports)
Exit AVG

Reboot your PC in Normal Mode -> rerun HijackThis and post a fresh HijackThis log.
  • Double-click the report-scan txt you saved to your desktop
  • It will open in Notepad
  • Copy and paste that report as a reply to this thread
Your reply should include:
  • a fresh HijackThis log
  • your c:\rapport.txt log from SmitfraudFix
  • your report_scan.txt from AVG
You may have to post the results in more than one reply.
 
bamajim   Graduate of Malware Removal University



12 Posts

November 6th, 2006 04:00

bamajim
1.
Logfile of HijackThis v1.99.1
Scan saved at 13:10:54, on 06-Nov-2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\msdtc.exe
D:\WINNT\System32\tcpsvcs.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\llssrv.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\snmp.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\wins.exe
D:\WINNT\System32\MsPMSPSv.exe
D:\WINNT\System32\dns.exe
D:\WINNT\System32\inetsrv\inetinfo.exe
D:\WINNT\system32\Dfssvc.exe
D:\WINNT\Explorer.exe
D:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
D:\Program Files\Ad Muncher\AdMunch.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\SYSTEM32\Winzip.exe
D:\WINNT\SYSTEM32\Update.exe
D:\lotus\123\123w.exe
D:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [projselector] "D:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "D:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Ad Muncher] D:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ScanRegistry] scanregw.exe /scan
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe (file missing)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F29B899-CEB4-4461-B7AB-4DE6157F8433}: NameServer = 202.137.3.120,202.137.3.121
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe

2.
SmitFraudFix v2.118

Scan done at 11:38:08.56, Mon 06-11-2006
Run from D:\Documents and Settings\Administrator\Desktop\SmitfraudFix2
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

D:\Program Files\VideoKeyCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


3.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:07:13 06-Nov-2006

+ Scan result:



HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : No action taken.
C:\Canon\WinRAR_3.51.rar/crack.exe -> Downloader.Adload.bo : No action taken.
C:\Canon\WinRAR_3.51_serial_code.rar/crack.exe -> Downloader.Adload.bo : No action taken.
C:\Canon\WinRAR_3.51_serial_codeq.rar/crack.exe -> Downloader.Adload.bo : No action taken.
C:\Canon\Protector Plus 2000 7[1].2.G06.rar/crack.exe -> Downloader.Adload.ch : No action taken.
C:\Canon\WinRAR_3.51.rar/install.exe -> Hijacker.Small : No action taken.
C:\Canon\WinRAR_3.51_serial_code.rar/install.exe -> Hijacker.Small : No action taken.
C:\Canon\WinRAR_3.51_serial_codeq.rar/install.exe -> Hijacker.Small : No action taken.
:mozilla.169:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.170:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.171:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.172:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.173:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.174:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.275:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.161:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.162:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
D:\Documents and Settings\Administrator\Cookies\administrator@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.289:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.50:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.122:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Goclick : No action taken.
:mozilla.123:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Goclick : No action taken.
:mozilla.245:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.192:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.105:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.273:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.109:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.92:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.97:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.98:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Canon\Protector Plus 2000 7[1].2.G06.rar/install-setup.exe -> Trojan.Agent.vg : No action taken.
C:\WINZIP_TMP.exe -> Worm.Nyxem.e : No action taken.
C:\office\k8001.exe -> Worm.Nyxem.e : No action taken.
D:\WINNT\Rundll16.exe -> Worm.Nyxem.e : No action taken.
D:\WINNT\WINZIP_TMP.exe -> Worm.Nyxem.e : No action taken.
D:\WINNT\system32\Update.exe -> Worm.Nyxem.e : No action taken.
D:\WINNT\system32\Winzip.exe -> Worm.Nyxem.e : No action taken.
D:\WINNT\system32\scanregw.exe -> Worm.Nyxem.e : No action taken.
[1436] D:\WINNT\SYSTEM32\Winzip.exe -> Worm.Nyxem.e : No action taken.
[1928] D:\WINNT\SYSTEM32\Update.exe -> Worm.Nyxem.e : No action taken.


::Report end

10.4K Posts

November 6th, 2006 14:00

wTbHp

Almost. I need you to recheck the settings on AVG Anti-Spyware.

The report shows this:

  • C:\Canon\WinRAR_3.51.rar/crack.exe -> Downloader.Adload.bo : No action taken

So our settings are wrong in AVG.

Open AVG Anti-Spyware.

At the top toolbar click Scanner, then the settings tab.
  • Under How to act? set default action for detected malware to Quarantine
  • Under how to scan all boxes should be checked
  • Under Possibly unwanted software all boxes should be checked
  • Under reports select Automatically generate report after every scan
  • Uncheck Only if threats were found
  • Under what to scan, Scan every file should be highlighted

Then rerun AVG in Safe Mode, and once the scan finishes:

Select Apply all actions (the items found will be quarantined)
Click save report as (another window will open)
Save it to your desktop
(by default it will be saved in the AVG folder as
C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports)

Then repost the Report_scan.txt from AVG.
 
bamajim   Graduate of Malware Removal University
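The point in the reply above is easy to check mechanically: a scan report is only evidence of cleaning if the detections were acted on, and any line ending in "No action taken" means the scan ran in report-only mode. The Python below is an added example, not part of this thread and not AVG's own tooling. It parses report lines in the format quoted in this thread (the `[pid]` prefix marks a detection inside a running process, the `:mozilla.N:` prefix an entry inside a Firefox cookies.txt), counts the actions taken, and returns what was left alone so the scan can be repeated with the action set to Quarantine. The sample report text is constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in the shape of the AVG Anti-Spyware 7.5 report lines quoted in this thread.
SAMPLE_REPORT = r"""
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:07:13 06-Nov-2006

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : No action taken.
C:\Canon\WinRAR_3.51.rar/crack.exe -> Downloader.Adload.bo : No action taken.
:mozilla.169:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
D:\WINNT\system32\Winzip.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
[1436] D:\WINNT\SYSTEM32\Winzip.exe -> Worm.Nyxem.e : No action taken.

::Report end
"""

# One report line: optional [pid] and :mozilla.N: prefixes, then "path -> family : action."
LINE_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\]\s+)?"        # [1436]  detection inside a running process
    r"(?::mozilla\.(?P<cookie>\d+):)?"  # :mozilla.169:  entry N inside a Firefox cookies.txt
    r"(?P<path>.+?)\s+->\s+"
    r"(?P<family>\S+)\s+:\s+"
    r"(?P<action>.+?)\.?$"
)


def parse_report(text):
    """Return one dict per detection line; header and footer lines are skipped."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("::Report end"):
            break
        m = LINE_RE.match(line)
        if not m:
            continue
        path, family = m.group("path"), m.group("family")
        if family.startswith("TrackingCookie"):
            kind = "cookie"
        elif path.upper().startswith(("HKLM", "HKCU", "HKEY_")):
            kind = "registry"
        else:
            kind = "file"
        findings.append({
            "path": path,
            "family": family,
            "action": m.group("action"),
            "kind": kind,
            "pid": int(m.group("pid")) if m.group("pid") else None,
            "cookie_index": int(m.group("cookie")) if m.group("cookie") else None,
        })
    return findings


def summarize(findings):
    """Count detections per action string, e.g. 'No action taken' vs 'Cleaned with backup (quarantined)'."""
    return Counter(f["action"] for f in findings)


def unhandled(findings):
    """Detections the scanner only reported and did not clean or quarantine."""
    return [f for f in findings if f["action"] == "No action taken"]


def running_detections(findings):
    """Detections made inside a live process (the [pid] lines); a report-only scan leaves these running."""
    return [f for f in findings if f["pid"] is not None]


def needs_rerun(findings):
    """True when anything other than a tracking cookie was left alone, i.e. the scan
    ran in report-only mode and must be repeated with the action set to Quarantine."""
    return any(f["kind"] != "cookie" for f in unhandled(findings))


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for action, count in summarize(found).items():
        print(f"{count:3d}  {action}")
    for f in unhandled(found):
        tag = f"pid {f['pid']}" if f["pid"] else f["kind"]
        print(f"LEFT ALONE ({tag}): {f['path']} -> {f['family']}")
    print("rerun with Quarantine:", needs_rerun(found))
```

Tracking cookies are excluded from `needs_rerun` on purpose: they are the one class of finding in these reports that a report-only scan can leave behind without the system still being compromised, whereas an untouched executable or registry extension means the settings were wrong, exactly as the reply above concludes.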
 


12 Posts

November 7th, 2006 00:00

bamajim
Repost of the report scan:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 09:29:52 07-Nov-2006

+ Scan result:



HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Canon\WinRAR_3.51.rar/crack.exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\Canon\WinRAR_3.51_serial_code.rar/crack.exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\Canon\WinRAR_3.51_serial_codeq.rar/crack.exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\Canon\Protector Plus 2000 7[1].2.G06.rar/crack.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).
C:\Canon\WinRAR_3.51.rar/install.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Canon\WinRAR_3.51_serial_code.rar/install.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Canon\WinRAR_3.51_serial_codeq.rar/install.exe -> Hijacker.Small : Cleaned with backup (quarantined).
:mozilla.181:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.182:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.183:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.184:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.185:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.186:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.286:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.26:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.29:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.30:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
D:\Documents and Settings\Administrator\Cookies\administrator@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.300:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.58:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.140:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.141:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.257:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.204:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.60:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.23:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.24:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.284:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.127:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.112:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.117:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.118:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kt4yke1b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Canon\Protector Plus 2000 7[1].2.G06.rar/install-setup.exe -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\Downloads\AVG.Anti-Spyware\WinZip_Tmp.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
C:\Downloads\Audio[1].Converter.Express.v4.0\Audio.Converter.Express.v4.0.WinALL.CRACKED-LUCiD\WinZip_Tmp.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
C:\Downloads\WinZip_Tmp.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1004336348-682003330-1801674531-500\Dc48.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
C:\WINZIP_TMP.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
C:\office\000_0010.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
C:\office\DCP_1567 (2).exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
C:\office\Thumbs.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
C:\office\k8001.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
D:\Program Files\Full Audio Converter\WinZip_Tmp.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
D:\WINNT\Rundll16.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
D:\WINNT\WINZIP_TMP.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
D:\WINNT\system32\scanregw.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).


::Report end

10.4K Posts

November 7th, 2006 00:00

wTbHp
 
Well Done :smileyhappy:
 
Could I see a fresh HijackThis log please?
 
bamajim   Graduate of Malware Removal University

12 Posts

November 7th, 2006 05:00

bamajim
Fresh log:
Logfile of HijackThis v1.99.1
Scan saved at 14:31:35, on 07-Nov-2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\msdtc.exe
D:\WINNT\System32\tcpsvcs.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\llssrv.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\snmp.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\wins.exe
D:\WINNT\System32\MsPMSPSv.exe
D:\WINNT\System32\dns.exe
D:\WINNT\System32\inetsrv\inetinfo.exe
D:\WINNT\system32\Dfssvc.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\Explorer.exe
D:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Ad Muncher\AdMunch.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
D:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
D:\WINNT\SYSTEM32\Winzip.exe
D:\WINNT\SYSTEM32\Update.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINNT\system32\NOTEPAD.EXE
D:\lotus\123\123w.exe
D:\Program Files\MRConverter\MRConverter.exe
D:\WINNT\system32\rundll32.exe
C:\off (2)\w8\games\PsmPlay5.41.exe
D:\Program Files\PSM5\PsmPlay5.41.exe
D:\WINNT\system32\rundll32.exe
D:\WINNT\system32\rundll32.exe
D:\WINNT\system32\rundll32.exe
D:\WINNT\system32\rundll32.exe
D:\WINNT\System32\SNDVOL32.EXE
C:\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [projselector] "D:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "D:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Ad Muncher] D:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [ScanRegistry] scanregw.exe /scan
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe (file missing)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F29B899-CEB4-4461-B7AB-4DE6157F8433}: NameServer = 202.137.3.120,202.137.3.121
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe

10.4K Posts

November 7th, 2006 12:00

wTbHp

Looking good, almost there.

First, please download the Killbox.
  1) Save it to the desktop and run it.
  2) Select "Delete on Reboot", and then select "All files".
  3) Copy the file name below to the clipboard by highlighting it and pressing Control-C:

     • D:\WINNT\System32\wins.exe

  4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
Next, reboot your PC, then rerun HijackThis and post a fresh log.
 
bamajim   Graduate of Malware Removal University

12 Posts

November 8th, 2006 01:00

bamajim

Fresh Logfile of HijackThis v1.99.1
Scan saved at 09:53:20, on 08-Nov-2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\msdtc.exe
D:\WINNT\System32\tcpsvcs.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\llssrv.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\System32\rsvp.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\snmp.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\wins.exe
D:\WINNT\System32\MsPMSPSv.exe
D:\WINNT\System32\dns.exe
D:\WINNT\System32\inetsrv\inetinfo.exe
D:\WINNT\system32\Dfssvc.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\Explorer.exe
D:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
D:\WINNT\SYSTEM32\Winzip.exe
D:\WINNT\SYSTEM32\Update.exe
C:\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [projselector] "D:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "D:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ScanRegistry] scanregw.exe /scan
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe (file missing)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F29B899-CEB4-4461-B7AB-4DE6157F8433}: NameServer = 202.137.3.120,202.137.3.121
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe

12 Posts

November 8th, 2006 02:00

bamajim
page 1 (2)

2006-11-08,11:31:17

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server (Build 2195)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"D:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r> [Roxio]
"D:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"> [Roxio]
"D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"> [Roxio]
"D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"> [Roxio, Inc.]
[N/A]
"D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [Anti-Malware Development a.s.]
scan> [WinZip 8.1]
"D:\Program Files\Ad Muncher\AdMunch.exe" /bt> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Corporation]
[(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8}> [Anti-Malware Development a.s.]

==================================
Startup Folders
[Acrobat Assistant]
D:\PROGRA~1\MICROS~3\Office\OSA9.EXE [Microsoft Corporation]>

==================================
Services
[Logical Disk Manager Administrative Service / dmadmin]
com>
[WMDM PMSP Service / WMDM PMSP Service]


==================================
Drivers
[Avance Wave Audio Miniport Driver (WDM) / als4k]

[Gameport for ALS4000 (WDM) / alsgame]

[atirage3 / atirage3]

[AVG Anti-Spyware Clean Driver / AvgAsCln]

[Bluetooth Audio Service / BlueletAudio]
A>
[Bluetooth SCO Audio Service / BlueletSCOAudio]
A>
[Bluetooth PAN Network Adapter / BT]
A>
[Bluetooth HID Enumerator / BTHidEnum]
A>
[Bluetooth HID Manager Service / BTHidMgr]
\SystemRoot\System32\Drivers\BTHidMgr.sys>A>
[Cdr4_2K / Cdr4_2K]

[Cdralw2k / Cdralw2k]

[cdudf / cdudf]

[dmboot / dmboot]

[Logical Disk Manager Driver / dmio]
\SystemRoot\System32\drivers\dmio.sys>
[dmload / dmload]
\SystemRoot\System32\drivers\dmload.sys>
[DVDVRRdr / DVDVRRdr]

[dvd_2K / dvd_2K]

[HP 10/100TX PCI LAN Adapter NT Driver / HPTX]

[mmc_2K / mmc_2K]

[PMEM / PMEM]
\??\D:\WINNT\System32\drivers\pmemnt.sys>
[Direct Parallel Link Driver / Ptilink]

[pwd_2k / pwd_2k]

[PxHelp20 / PxHelp20]
\SystemRoot\System32\Drivers\PxHelp20.sys>
[sym_hi / sym_hi]
\SystemRoot\System32\DRIVERS\sym_hi.sys>
[UdfReadr / UdfReadr]

[Virtual Serial port driver / VComm]
A>
[Bluetooth VComm Manager Service / VcommMgr]
A>
[Sony Ericsson W810 Driver driver (WDM) / w810bus]

[Sony Ericsson W810 USB WMC Modem Filter / w810mdfl]

[Sony Ericsson W810 USB WMC Modem Driver / w810mdm]

[Sony Ericsson W810 USB WMC Device Management Drivers (WDM) / w810mgmt]

[Sony Ericsson W810 USB WMC OBEX Interface / w810obex]


==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} A>
[@msdxmLC.dll,-1@1033,&Radio]
{8E718888-423F-11D2-876E-00A0C9082467} A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[Block frame with Ad Muncher]
/www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=935901DS&id=menu_ie_frame, N/A>
[Block image with Ad Muncher]
/www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=935901DS&id=menu_ie_image, N/A>
[Block link with Ad Muncher]
/www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=935901DS&id=menu_ie_link, N/A>
[Don't filter page with Ad Muncher]
/www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=935901DS&id=menu_ie_exclude, N/A>
[Download All by FlashGet]
A>
[Download using FlashGet]
A>
[Report page to the Ad Muncher developers]
/www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=935901DS&id=menu_ie_report, N/A>
No Events found!
